Closed ahipp13 closed 1 year ago
@ahipp13 I doubt this is an issue with the helm chart, I recommend raising an issue on Flask-AppBuilder (https://github.com/dpgaspar/Flask-AppBuilder) or Airflow itself.
Hi @thesuperzapper, thank you for responding.
I have already posted in airflow itself, as well as Flask App Builder and authlib. The guy at airflow told me to post here so I did. I just wanted to get everybody’s eyes on this so that I could eliminate some options.
If you are confident this would not be a chart issue then that takes away a possibility, so I appreciate your response. Thank you!
@ahipp13 Can you link those other issues (for posterity's sake)?
Also, I thought that Azure was natively supported by Flask-AppBuilder now, so why do you need to use a custom get_oauth_user_info()
retrieval?
Regarding the CSRF issue itself, my 2 cents are that:
Here are the links to the other issues I have opened:
Airflow: https://github.com/apache/airflow/discussions/28098 FAB: https://github.com/dpgaspar/Flask-AppBuilder/issues/1957 Authlib: https://github.com/lepture/authlib/issues/518
The reason for the custom user info is just that that is how we had it working before it broke so we have kept it. Never thought of getting rid of that, that is something that I can try, although I do not think it will change anything.
With updating airflow to 2.4.3, it means that you have to use the new version of FAB, which in turn now uses Authlib. I did a lot of painful debugging yesterday and think that the problem is coming from authlib. For some reason the state is coming into authlib as "None" and that is what is triggering the errors.
The authlib guy responded to me last night so I am going to try what he said even though he did not give me a lot of info. I will keep this post updated.
This is closed and has been fixed, please refer to here: https://github.com/apache/airflow/discussions/28099
Checks
User-Community Airflow Helm Chart
.Chart Version
8.6.1
Kubernetes Version
Helm Version
Description
We are currently running Airflow 2.4.3 on Kubernetes with the Airflow Community helm chart version 8.6.1. We are also using a postgres external database as our metadata db. We have enabled Microsoft Azure OAuth for our Airflow implementation. When we try to log in, we get a CSRF State Mismatch error. These logs are below. I have posted everywhere about this problem we are having and have had no success, so am seeing if anybody else using this helm chart has seen this. The webserver_config we use to configure the oauth is below:
Relevant Logs
Custom Helm Values